Integer Overflow or Wraparound

Affecting imagemagick package, versions *

low severity

NVD Description

Note: Versions mentioned in the description apply to the upstream imagemagick package.

A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Remediation

There is no fixed version for Debian:10 imagemagick.

References

CVE: CVE-2021-20312
CWE: CWE-190
Snyk ID: SNYK-DEBIAN10-IMAGEMAGICK-1246263
Disclosed: 11 May, 2021
Published: 15 Apr, 2021